GDPR Compliance
Our commitment to data protection under the General Data Protection Regulation
Introduction
Shadowtide Voyage is committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and other applicable data protection laws.
Data Controller
For the purposes of GDPR, the data controller is:
Shadowtide Voyage
47 Kensington Gardens Square
London W2 4EF
United Kingdom
Email: [email protected]
Legal Basis for Processing
We process personal data under the following legal bases:
- Consent: You have given clear consent for us to process your personal data for specific purposes.
- Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
- Legal obligation: Processing is necessary for us to comply with the law.
- Legitimate interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.
Your Rights Under GDPR
Under the GDPR, you have the following rights:
1. Right to Access
You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
2. Right to Rectification
You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
3. Right to Erasure
You have the right to request that we erase your personal data under certain conditions, including:
- The personal data is no longer necessary for the purposes for which it was collected
- You withdraw consent on which the processing is based
- You object to the processing and there are no overriding legitimate grounds
- The personal data has been unlawfully processed
4. Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data under certain conditions.
5. Right to Object to Processing
You have the right to object to our processing of your personal data under certain conditions, including processing for direct marketing purposes.
6. Right to Data Portability
You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
7. Right to Withdraw Consent
Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time.
How to Exercise Your Rights
To exercise any of your rights under GDPR, please contact us at:
Email: [email protected]
We will respond to your request within one month. If your request is complex or we have received a number of requests, we may extend this period by two further months, in which case we will inform you.
Data Security
We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data
- Regular testing and assessment of security measures
- Staff training on data protection
- Limited access to personal data on a need-to-know basis
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When determining retention periods, we consider:
- The amount, nature, and sensitivity of the personal data
- The potential risk of harm from unauthorized use or disclosure
- The purposes for which we process your personal data
- Applicable legal requirements
International Data Transfers
We primarily process data within the UK and European Economic Area (EEA). If we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place.
Data Breach Notification
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, and within 72 hours of becoming aware of the breach.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
In the UK, the supervisory authority is:
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: shadowtide-voyage.com
Children's Data
Our services are not directed at children under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
Updates to This Policy
We may update this GDPR compliance statement from time to time. Any changes will be posted on this page with an updated revision date.
Contact Us
If you have any questions about our GDPR compliance or how we handle your personal data, please contact us at:
Email: [email protected]
Address: 47 Kensington Gardens Square, London W2 4EF, United Kingdom